ServicesGovern & AssureFinance & TransactionsTransform & DigitizeOperate & Scale
FrameworkAI Policy DevelopmentResponsible AIData Governance
RegulationsGCC regulationsRegulations & standardsResearch & benchmarks
Insights
About
Contact
Book a consultation
Practice · Internal Audit & EQA

Independent audit, delivered to IIA standard.

Internal audit programme design, co-sourced fieldwork delivery, and External Quality Assessment (EQA) — anchored in decades of Big Four and group-level audit leadership at the region's leading financial centre.

What this practice does

The audit function, done to standard.

Internal audit only earns its seat at the table when it is independent, properly resourced, and delivered to the IIA's Global Internal Audit Standards (2024). This practice designs the audit charter and risk-based plan, delivers or co-sources fieldwork, and performs the External Quality Assessment every internal audit function is required to hold at least once every five years.

Core deliverables

Internal audit charterRisk-based audit planCo-sourced fieldwork deliveryExternal Quality Assessment (EQA)Audit committee reportingFollow-up and remediation tracking
At a glance
FrameworkIIA Global Internal Audit Standards 2024
OutputAudit plan + findings report
EQA cycleRequired at least every 5 years
Engagement modelCo-sourcing or fixed-scope
Pairs with
Why it matters now

An audit function is only as strong as its last review.

Internal audit stretched thin

Audit plans are growing — technology, third parties, now AI — while teams aren't. Co-sourcing puts senior capacity exactly where the plan needs it.

No independent quality check

IIA standards require an External Quality Assessment at least every five years. Many functions are overdue and cannot show conformance when asked.

Findings without follow-up

An issue raised and never closed is a repeat finding waiting to happen. Follow-up tracking is where audit credibility is actually won or lost.

Plans that chase last year's risks

An audit universe that isn't refreshed against current risk drifts away from what the board actually needs assurance on.

Scope of work

What we deliver.

Audit charter & risk-based plan

Charter, mandate and an audit universe prioritised against current enterprise risk — refreshed, not inherited.

Co-sourced fieldwork delivery

Partner-level fieldwork execution, flexed to your cycle — from single engagements to a full annual plan.

External Quality Assessment (EQA)

Independent conformance review against IIA Global Internal Audit Standards 2024, with a certifiable report.

§

Quality assurance & improvement

Internal QA programme design so conformance holds between formal EQA cycles, not just at them.

Findings & follow-up

Rating methodology, management action tracking and closure verification — so findings don't quietly reopen.

Audit committee reporting

Board-grade reporting on plan coverage, findings and follow-up status.

How we engage

Plan → Fieldwork → Report → Follow up.

1

Plan

  • Charter and mandate confirmation
  • Risk-based audit universe
  • Resourcing and scheduling
2

Fieldwork

  • Co-sourced or full delivery
  • Testing and evidence collection
  • Interim findings validation
3

Report & follow up

  • Findings and ratings
  • Audit committee reporting
  • Remediation tracking to closure

Get an audit function that would pass its own review.

Whether you need a full EQA or co-sourced fieldwork capacity, the first conversation is the same.

Book a consultation